// 权限管理配置
export interface Permission {
  name: string
  roles: string[]
  description?: string
}

export interface RoutePermission {
  path: string
  roles: string[]
  redirect?: string
}

// 权限定义
export const PERMISSIONS: Record<string, Permission> = {
  // 基础权限
  VIEW_DASHBOARD: {
    name: 'view_dashboard',
    roles: ['teacher', 'student'],
    description: '查看仪表板'
  },
  
  // 教师权限
  MANAGE_CLASSES: {
    name: 'manage_classes',
    roles: ['teacher'],
    description: '管理班级'
  },
  
  MANAGE_STUDENTS: {
    name: 'manage_students',
    roles: ['teacher'],
    description: '管理学生'
  },
  
  CREATE_EXAMS: {
    name: 'create_exams',
    roles: ['teacher'],
    description: '创建考试'
  },
  
  GRADE_EXAMS: {
    name: 'grade_exams',
    roles: ['teacher'],
    description: '批改考试'
  },
  
  MANAGE_QUESTIONS: {
    name: 'manage_questions',
    roles: ['teacher'],
    description: '管理题库'
  },
  
  UPLOAD_RESOURCES: {
    name: 'upload_resources',
    roles: ['teacher'],
    description: '上传教学资源'
  },
  
  VIEW_ANALYTICS: {
    name: 'view_analytics',
    roles: ['teacher'],
    description: '查看数据分析'
  },
  
  // 学生权限
  TAKE_EXAMS: {
    name: 'take_exams',
    roles: ['student'],
    description: '参加考试'
  },
  
  VIEW_SCORES: {
    name: 'view_scores',
    roles: ['student'],
    description: '查看成绩'
  },
  
  SUBMIT_HOMEWORK: {
    name: 'submit_homework',
    roles: ['student'],
    description: '提交作业'
  },
  
  // 共同权限
  USE_AI_CHAT: {
    name: 'use_ai_chat',
    roles: ['teacher', 'student'],
    description: '使用AI聊天'
  },
  
  VIEW_RESOURCES: {
    name: 'view_resources',
    roles: ['teacher', 'student'],
    description: '查看学习资源'
  },
  
  UPDATE_PROFILE: {
    name: 'update_profile',
    roles: ['teacher', 'student'],
    description: '更新个人信息'
  }
}

// 路由权限配置
export const ROUTE_PERMISSIONS: RoutePermission[] = [
  // 公共路由（无需认证）
  { path: '/', roles: [] },
  { path: '/login', roles: [] },
  { path: '/register', roles: [] },
  { path: '/forget-password', roles: [] },
  
  // 教师专用路由
  { path: '/teacher-home', roles: ['teacher'] },
  
  // 学生专用路由
  { path: '/student-home', roles: ['student'] },
  
  // 共同路由（需要认证）
  { path: '/chat', roles: ['teacher', 'student'] },
  { path: '/personal-info', roles: ['teacher', 'student'] },
  { path: '/questions', roles: ['teacher'] },
  { path: '/resources', roles: ['teacher', 'student'] },
  
  // 考试相关路由
  { path: '/student-exam', roles: ['student'] },
  { path: '/student-exam-realize', roles: ['student'] },
  { path: '/student-exam-resource', roles: ['student'] }
]

// 权限检查工具函数
export class PermissionManager {
  static hasPermission(userRole: string | null, permissionName: string): boolean {
    if (!userRole) return false
    
    const permission = PERMISSIONS[permissionName]
    if (!permission) return false
    
    return permission.roles.includes(userRole)
  }
  
  static hasRoutePermission(userRole: string | null, routePath: string): boolean {
    const routePermission = ROUTE_PERMISSIONS.find(route => route.path === routePath)
    
    // 如果路由未配置权限，默认需要认证
    if (!routePermission) return !!userRole
    
    // 如果路由不需要权限（roles为空），允许访问
    if (routePermission.roles.length === 0) return true
    
    // 检查用户角色是否匹配
    if (!userRole) return false
    return routePermission.roles.includes(userRole)
  }
  
  static getRedirectPath(userRole: string | null, targetPath: string): string | null {
    if (!userRole) return '/login'
    
    const routePermission = ROUTE_PERMISSIONS.find(route => route.path === targetPath)
    
    if (!routePermission) {
      // 如果路由未配置，根据用户角色重定向到对应主页
      return userRole === 'teacher' ? '/teacher-home' : '/student-home'
    }
    
    if (routePermission.roles.length === 0) return null // 公共路由
    
    if (!this.hasRoutePermission(userRole, targetPath)) {
      // 没有权限时的重定向
      return routePermission.redirect || (userRole === 'teacher' ? '/teacher-home' : '/student-home')
    }
    
    return null // 有权限，不需要重定向
  }
  
  static getUserPermissions(userRole: string | null): Permission[] {
    if (!userRole) return []
    
    return Object.values(PERMISSIONS).filter(permission => 
      permission.roles.includes(userRole)
    )
  }
  
  static getAccessibleRoutes(userRole: string | null): RoutePermission[] {
    if (!userRole) {
      return ROUTE_PERMISSIONS.filter(route => route.roles.length === 0)
    }
    
    return ROUTE_PERMISSIONS.filter(route => 
      route.roles.length === 0 || route.roles.includes(userRole)
    )
  }
}

// Vue 3 组合式 API 权限检查
import { computed } from 'vue'
import { useAuth } from './useAuth'

export const usePermissions = () => {
  const { userRole } = useAuth()
  
  const hasPermission = (permissionName: string) => {
    return computed(() => PermissionManager.hasPermission(userRole.value, permissionName))
  }
  
  const hasRoutePermission = (routePath: string) => {
    return computed(() => PermissionManager.hasRoutePermission(userRole.value, routePath))
  }
  
  const userPermissions = computed(() => 
    PermissionManager.getUserPermissions(userRole.value)
  )
  
  const accessibleRoutes = computed(() => 
    PermissionManager.getAccessibleRoutes(userRole.value)
  )
  
  return {
    hasPermission,
    hasRoutePermission,
    userPermissions,
    accessibleRoutes,
    PermissionManager
  }
}
